
Harden LLM tool confirmations#40

Open
goanpeca wants to merge 1 commit into
mainfrom
security/harden-lm-tool-confirmations

Conversation

@goanpeca
Collaborator

@goanpeca goanpeca commented Jun 4, 2026

Summary

  • add risk classes for all Copilot / Language Model B2 tools
  • show confirmation prompts that name the concrete effect before each tool runs
  • strengthen destructive and data-sharing prompts for deleteFile and presignUrl
  • document agent-mode prompt-injection caution and least-privilege guidance
  • add tests covering risk metadata and confirmation text for read, write, destructive, and exfiltration-capable tools

Validation

  • GitHub Actions passed: CodeQL, GitHub Actions security, format/lint/type check, VS Code extension tests, VSIX build/verify, docs generation, and packaging

Notes

  • This is a security hardening change for AI/agent tool use and does not change the underlying B2 API operations.

@goanpeca goanpeca self-assigned this Jun 4, 2026
Copilot AI review requested due to automatic review settings June 4, 2026 18:28

Copilot AI left a comment


Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@github-actions

github-actions Bot commented Jun 4, 2026

Extension Build Ready

Download the VSIX from the workflow artifacts above.

Installation

VS Code UI: Extensions > ... > Install from VSIX...

CLI:

code --install-extension b2-vscode-*.vsix

@goanpeca goanpeca added the labels security (Security-impacting issue), ai-safety (AI / agent Language Model tool safety), and priority: high (High priority) on Jun 4, 2026
@goanpeca goanpeca added this to the v0.2.0 milestone Jun 4, 2026
@goanpeca goanpeca requested a review from Copilot June 4, 2026 22:19

Copilot AI left a comment


Pull request overview

Copilot reviewed 12 out of 12 changed files in this pull request and generated 3 comments.

Comment on lines +38 to +41:

```ts
switch (this.definition.risk) {
  case "destructive":
    title = `Confirm: ${this.definition.displayName}`;
    parts.push(`⚠️ This will **${effect ?? "delete data in B2"}**.`);
```

Comment on lines +35 to +36:

```ts
describeEffect: (input) =>
  `upload ${String(input.localPath)} to b2://${String(input.bucket)}/${String(input.remotePath ?? "(file name)")}`,
```

Comment on lines +44 to +45:

```ts
test("all tool definitions declare a risk level", () => {
  for (const def of [deleteFileTool, presignUrlTool, listBucketsTool, uploadFileTool]) {
```
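The risk-class and confirmation-text model that the PR summary describes and that the review excerpts above quote, as an added TypeScript example; this is not the b2-vscode extension's code. It does not import the `vscode` API so it runs stand-alone; the type and function names (`ToolRisk`, `ToolDefinition`, `buildConfirmation`, `allToolsDeclareRisk`) and the four sample tool definitions are assumptions for this example, and the effect strings are constructed. It goes beyond the excerpts by covering all four risk classes the PR names (read, write, destructive, exfiltration-capable) and by appending the agent-mode prompt-injection caution to every prompt that requires confirmation.

```typescript
// Added example (not the b2-vscode extension's own code). Models tool
// definitions carrying a risk class and a describeEffect callback, and builds
// the confirmation title/message from them so the prompt names the concrete
// effect instead of a generic "run this tool?". All names are assumptions.

type ToolRisk = "read" | "write" | "destructive" | "exfiltration";

interface ToolDefinition<TInput> {
  name: string;
  displayName: string;
  risk: ToolRisk;
  // Human-readable description of what this particular call will do.
  describeEffect?: (input: TInput) => string;
}

interface Confirmation {
  title: string;
  message: string;
  requiresConfirmation: boolean;
}

function buildConfirmation<TInput>(def: ToolDefinition<TInput>, input: TInput): Confirmation {
  const effect = def.describeEffect?.(input);
  const parts: string[] = [];
  let title = def.displayName;

  switch (def.risk) {
    case "read":
      // Read-only tools run without a confirmation gate; still describe the read.
      parts.push(effect ?? "read data from B2");
      return { title, message: parts.join(" "), requiresConfirmation: false };
    case "write":
      title = `Confirm: ${def.displayName}`;
      parts.push(`This will ${effect ?? "write data to B2"}.`);
      break;
    case "destructive":
      title = `Confirm: ${def.displayName}`;
      parts.push(`⚠️ This will **${effect ?? "delete data in B2"}**.`);
      parts.push("This cannot be undone.");
      break;
    case "exfiltration":
      title = `Confirm: ${def.displayName}`;
      parts.push(`⚠️ This will **${effect ?? "expose B2 data outside this workspace"}**.`);
      parts.push("Anyone holding the resulting link can read the data until it expires.");
      break;
  }
  // Agent-mode caution: the call may have been triggered by prompt-injected
  // content the model read, not by the user's own request.
  parts.push("Only approve if you asked for this; in agent mode a tool call can be triggered by untrusted content.");
  return { title, message: parts.join(" "), requiresConfirmation: true };
}

// Constructed sample tool definitions, one per risk class.
const listBucketsTool: ToolDefinition<Record<string, never>> = {
  name: "b2_listBuckets", displayName: "List B2 buckets", risk: "read",
};
const uploadFileTool: ToolDefinition<{ localPath: string; bucket: string; remotePath?: string }> = {
  name: "b2_uploadFile", displayName: "Upload file to B2", risk: "write",
  describeEffect: (input) =>
    `upload ${String(input.localPath)} to b2://${String(input.bucket)}/${String(input.remotePath ?? "(file name)")}`,
};
const deleteFileTool: ToolDefinition<{ bucket: string; remotePath: string }> = {
  name: "b2_deleteFile", displayName: "Delete B2 file", risk: "destructive",
  describeEffect: (input) => `permanently delete b2://${input.bucket}/${input.remotePath}`,
};
const presignUrlTool: ToolDefinition<{ bucket: string; remotePath: string; expiresSeconds: number }> = {
  name: "b2_presignUrl", displayName: "Create presigned URL", risk: "exfiltration",
  describeEffect: (input) =>
    `create a link granting access to b2://${input.bucket}/${input.remotePath} for ${input.expiresSeconds}s without B2 credentials`,
};

// Guard mirrored from the PR's test: every registered tool must declare a known risk class.
// `any` is used because the definitions carry different input types.
function allToolsDeclareRisk(defs: ReadonlyArray<ToolDefinition<any>>): boolean {
  const known: ToolRisk[] = ["read", "write", "destructive", "exfiltration"];
  return defs.every((d) => known.includes(d.risk));
}

// Usage: the returned title/message would be handed to the editor's tool
// confirmation UI; a read-risk tool yields requiresConfirmation === false.
const demo = buildConfirmation(deleteFileTool, { bucket: "photos", remotePath: "2024/a.jpg" });
console.log(demo.title, "-", demo.message);
```

The point of keeping `describeEffect` per tool rather than a generic prompt is that the user sees the exact bucket and key about to be deleted or shared; the appended caution is the same for every gated tool so that it cannot be omitted by a tool author.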